Quicken Community is moving to Single Sign On! Starting 1/22/21, you'll sign in to the community with your Quicken ID. For more information: http://bit.ly/CommunitySSO

What are the bank password rules applied by Quicken?

The Quicken documentation says “Please note, Quicken has a 16-character limit for bank passwords. If your bank password is longer than 16 characters, it will need to be shortened.” I changed a financial institution password to one without any digits in it, let's pretend it was abcdef-abcdef but found that when I came to "Manage Your Passwords" and tried to store it in my password vault, it was rejected, whereas abcdef-abcde1 was accepted, suggesting that there are perhaps other constraints.

First of all, this is my financial institution password, not a Quicken password, so mandating rules for it is something the financial institution can do, but Quicken should not. Second, if Quicken DOES apply rules, they should be documented and ideally the software should tell me when I have broken them with a message that clearly indicates these are Quicken rules NOT financial institution rules.

To compound the problem there are other places in Quicken where the same rules are seemingly not applied, but the end result is that downloads do not work, so if there are rules Quicken should apply them uniformly.
Tagged:

Best Answers

  • dgm
    dgm Member ✭✭
    Accepted Answer
    Thanks, I'll do that.

    However, my point is that they are not financial institution password rules, they are Quicken password rules, my financial institution (in this case) had no rule forbidding passwords without a digit in them, but Quicken did. In claiming that my financial institution had such a rule when it clearly didn't, Quicken confused the daylights out of me.

    Worse, it turns out there are some related obscure problems that are much less obvious than the inability to add such a password to the vault, some Quicken dialogs accept such a password and that leads to, for (example) being able to download a list of accounts and add (or link) them, but not being able to download any transactions for those accounts. Which, to the naïve helpdesk employee looks like a financial institution download problem, but is in fact a Quicken problem.

    Luckily for me, all this has an easy workaround, just use a password that my financial institution AND quicken both accept and all the problems go away. I come from a work background in enterprise software where we fix bugs just because they are bugs, of course we still fix the critical ones first but the notion of users needing to vote on whether a bug gets fixed is a bit alien to me. Of course it means your support budget goes up and your development budget may go down a corresponding amount but at this point in its life Quicken reliability and performance matter more to me than new features. But that's just me.

    Anyway, thanks for the hint, I'll file this as a "New idea" and get on with my life!
  • dgm
    dgm Member ✭✭
    Accepted Answer
    Well. that IS interesting, so the rules are are implemented by Quicken, but (nominally at least) provided by the institution. My long (a shade under 4 hours) and tiresome interaction with a helpful, but inarticulate, chat agent kept getting lost down the rathole of "it's a download problem caused by the financial institution, talk to them", which seemed highly unlikely to help.

    You're right, whatever method is used to provide (and update) the rules clearly does not always work, like you I'd be inclined to not bother at all, an incorrect password will eventually report an error anyway, so while the rules might catch the occasional mistyped password that's hardly worth the grief caused by rejecting, or worse, mishandling, a legitimate password.

    Thanks, and thanks also for the hint on upvoting my own suggestion, I'll do that.

Answers

  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    Quicken, by way of Intuit, gets the rules from the financial institutions.  So there isn't one set of rules.  And at times it seems that however Intuit picks them up and gets this information to Quicken there sometimes these rules don't in fact line up with what the financial institution allows (stale or just plain wrong).

    Note there are a very small amount of special characters that are special to web pages, and with Express Web Connect they are going through the web pages and as such can't be used as documented here:
    https://www.quicken.com/support/password-vault-your-bank-could-not-use-password-you-entered

    But this has nothing to do with the "rules applied" that come from the financial institution.  And it doesn't apply to Direct Connect.

    Personally I believe that Quicken shouldn't be applying the rules at all.  After all the user will find out quick enough if they put in a bad password by getting a password failure when the update.
    Signature:
    (I'm always using the latest Quicken Windows Premier subscription version)
    This is my website: http://www.quicknperlwiz.com/
  • dgm
    dgm Member ✭✭
    Thanks for the reference Chris, I get the point that there may be technical constraints that mean some characters will never work over web connect (<>& and so on) though most of these can be encoded so as to be acceptable in HTML - it's a bit of a pain though.

    So I can live with Quicken enforcing those rules, especially for web connect, but enforcing "must have a digit" is just not appropriate, my financial institution will enforce that if they feel inclined to. All of which (I think) is a long winded way of saying I agree with you.
  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    As a side note, yes the HTML characters can be escaped, but what is happening is that Quicken makes a request to the Intuit servers and the Intuit server "scripts" do the actual accessing of the financial institution's data, and I would suspect that those scripts have functions/other "layers" of code that is common and such, the escaping of those characters might have to be aware of all the layers they go through to get it right. And so they just "punt" and say don't use them.  In any case it something that Intuit imposes and it is highly unlikely that Quicken Inc is going to get them to change.

    But Quicken Inc definitely has control over whether to apply the financial institution rules for the passwords or not, and I don't know of anyone that would disagree that dropping them is a good idea.
    Signature:
    (I'm always using the latest Quicken Windows Premier subscription version)
    This is my website: http://www.quicknperlwiz.com/
  • dgm
    dgm Member ✭✭
    Yep, operating through many layers of software is a pain, especially if someone else controls them. In this particular case I'm using direct connect, so I'm not sure if HTML related rules are relevant.

    Still, leaving that aside, my question was intentionally "what are the rules?" not "why does Quicken apply rules to someone else's password at all", which we are agreed is a Bad Thing.

    The reference Chris provided is helpful, but says such things as "use characters other than special characters (such as &, <, >, \, or /)" (without the quotes) which is super, except my financial institution password REQUIRES that passwords contain at least one special character, so now it is up to me to try and guess which special characters are acceptable to both Quicken and my financial institution, a process which would be simplified by Quicken publishing the actual rules (including an exhaustive list of banned characters), not just an approximation of them. Even better, tell me what rule I'm violating when I violate one, or at least tell me it is Quicken's rules I'm violating and where to find a description of them.
  • dgm
    dgm Member ✭✭
    Accepted Answer
    Thanks, I'll do that.

    However, my point is that they are not financial institution password rules, they are Quicken password rules, my financial institution (in this case) had no rule forbidding passwords without a digit in them, but Quicken did. In claiming that my financial institution had such a rule when it clearly didn't, Quicken confused the daylights out of me.

    Worse, it turns out there are some related obscure problems that are much less obvious than the inability to add such a password to the vault, some Quicken dialogs accept such a password and that leads to, for (example) being able to download a list of accounts and add (or link) them, but not being able to download any transactions for those accounts. Which, to the naïve helpdesk employee looks like a financial institution download problem, but is in fact a Quicken problem.

    Luckily for me, all this has an easy workaround, just use a password that my financial institution AND quicken both accept and all the problems go away. I come from a work background in enterprise software where we fix bugs just because they are bugs, of course we still fix the critical ones first but the notion of users needing to vote on whether a bug gets fixed is a bit alien to me. Of course it means your support budget goes up and your development budget may go down a corresponding amount but at this point in its life Quicken reliability and performance matter more to me than new features. But that's just me.

    Anyway, thanks for the hint, I'll file this as a "New idea" and get on with my life!
  • dgm
    dgm Member ✭✭
    Accepted Answer
    Well. that IS interesting, so the rules are are implemented by Quicken, but (nominally at least) provided by the institution. My long (a shade under 4 hours) and tiresome interaction with a helpful, but inarticulate, chat agent kept getting lost down the rathole of "it's a download problem caused by the financial institution, talk to them", which seemed highly unlikely to help.

    You're right, whatever method is used to provide (and update) the rules clearly does not always work, like you I'd be inclined to not bother at all, an incorrect password will eventually report an error anyway, so while the rules might catch the occasional mistyped password that's hardly worth the grief caused by rejecting, or worse, mishandling, a legitimate password.

    Thanks, and thanks also for the hint on upvoting my own suggestion, I'll do that.
This discussion has been closed.